This is a partial list of the major machine-independent changes
(i.e., these are the changes people ask about most often). Machine
specific changes have also been made, and are sometimes mentioned
in the pages for the specific platforms.

Changes made between OpenBSD 4.8 and 4.9

Introduced a dummy function in ifconfig(8) if SMALL is defined to digest arguments like "rdomain", "description", etc. so that the ifconfig(8) on RAMDISK is able to parse hostname.if(5) files on updates.

Avoid dereferencing a NULL pointer during VT switches when composite is active in xf86-video-intel. Fixes a crash.

Fixes the heavy rendering errors and crashes that could make inteldrm(4) unusable on a 865G since 4.8. Fixes PR6517.

Make crontab -l not crash on crontab(5) files that don't have the expected three lines of comments.

SECURITY FIX: An incorrectly formatted ClientHello handshake message could cause OpenSSL to parse past the end of the message. An attacker could use this flaw to trigger an invalid memory access, causing a crash of an application linked to OpenSSL. As well, certain applications may expose the contents of parsed OCSP extensions, specifically the OCSP nonce extension.
Applications are only affected if they act as a server and call SSL_CTX_set_tlsext_status_cb on the server's SSL_CTX. It is believed that nothing in the base OS uses this. Apache httpd started using this in v2.3.3; this is newer than the version in ports. A source code patch is available. [Applied to stable]

Put a limit on fnmatch(3) recursion during matching, and reject input of size greater than or equal to PATH_MAX.

Multiple improvements in otus(4), rsu(4), run(4), urtwn(4): use usb_ref_{incr,decr,wait}() to avoid detaching the driver while a process is still using the hardware; don't add timeout(9)s if the device is detached; added checks to see if the device has been detached before running ioctls, timeouts, and tasks; use usb_wait_task() to wait for tasks to complete.

Make pf(4) reinitialize header length of unusual protocol number getting rewritten. Prevent a panic in m_clget().

Multiple improvements in usb(4): merged 'onqueue' and 'running' members of struct usb_task into a new member, 'state'; added new function usb_wait_task() which waits for queued or running usb_tasks to complete; in the USB_DEVICEINFO ioctl, fill struct usb_device_info in a usb_task, thereby avoiding races against driver attach/detach.

Fixed an mbuf leak in mpe(4) by replacing m_free() with m_freem() in mpe_input().

Fixed a memory leak by replacing m_free() with m_freem() in trunk(4) broadcast mode.

In generic Ethernet functions, changed an m_free() to m_freem() to free the whole mbuf chain and to prevent a possible memory leak with bpf(4) BIOCSFILDROP option which is currently used by dhcpd(8) and dhclient(8).

Prevent midi(4) from sleeping with the PCATCH flag while closing itself, otherwise a signal may cause the output buffer to not be drained and cause stale notes.

Gave pf(4) pf_normalize_ip() the same 3 way semantics as pf_test(): PF_DROP, the packet is bad, the mbuf still exists and must be freed; PF_PASS and *m0 is NULL, the packet has been processed, not an error; PF_PASS and *m0 is not NULL, continue with packet processing. Fixes a potential mbuf use after free.

When ospfd(8) is fixing conflicts make sure the right vertex is passed to lsa_merge() so that the correct sequence number is used for the LSA.

Sync tbl(7) handling with upstream version 1.10.9: .T} can be followed by a delimiter, then more data; do not limit table column widths (improves terminfo(5)); let numerical cells respect explicitly specified minimum cell widths; let terminal output survive missing data cells; parse and ignore arguments in parentheses on layout cell specifications; move tbl_calc() into out.c such that it can be used by all frontends; give tables an HTML class; some cleanup in tbl -Thtml code.

Make sure coding errors cannot make mandoc(1) miss fatal parsing errors by assert(3)ing valid parser state in the main parsing functions.

Minor improvements to random(4): only support pool words equal to 2048, define the amount of used key, define the amount of skipped rc4, use arc4random_buf instead of reimplementing it inline, bzero some more "secrets".

Substantially rewrite random(4): put a very thin mutex at the entropy-collection side, place a 2nd very thin mutex at the call-down path as well, move the pool->MD5->RC4init sequence into a workq driven from a timeout.

In mandoc(1) libmdoc, replace the union of pointers to structs of macro-specific data by a pointer to a union of structs, which makes the code simpler and more robust at the expense of a small memory overhead.

Added some groff behaviour to mandoc(1): Specifying both .%T and .%J in an .Rs block causes the title to be quoted instead of underlined, such that journal title and article title appear visually different.

Removed pmap_phys_address(), and force every driver's mmap() routine to return a physical address in all platforms. Allows machine-independent drivers to implement mmap(2) routines without having to know about the pmap_phys_address() implementation.

Polished mandoc(1) HTML output: use <SMALL> for .SM and <CODE> for .Dl, <B> for bold and <I> for italic.

Added a param to uvm_map_hint to not skip over the heap, and use it as a last resort if mmap otherwise fails to enable more complete address space utilization.

Prevent linker failure with sparc crtbeginS.o.

Prevent pms(4) from crashing when doing an ioctl(2) (eg wsconsctl -a) before first activation (wsmoused or X).

Prevent rc.subr from overwriting local_rcconf by flags from the rc(8) script.

Replaced a boot(RB_HALT) with a panic in amd64 machine-dependent trap.c to bring it in line with the other architectures.

In Xenocara updated xf86dga to version 1.0.3, xinit to 1.3.0,

Added support for hex keys in the ifconfig(8) wpakey code (full length only).

Fixed OpenCVS init command.

In Xenocara, updated bigreqsproto to version 1.1.1, compositeproto to 0.4.2, damageproto to 1.2.1, fixesproto to 4.1.2, fontsproto to 2.1.1, randrproto to 1.3.2, recordproto to 1.14.1, scrnsaverproto to 1.2.1, xcmiscproto to 1.2.1, libFS to 1.0.3, libXres to 1.0.5, libXScrnSaver to 1.2.1, libXaw to 1.0.8, libXcomposite to 0.4.3, libXcursor to 1.1.11, libXfont to 1.4.3, libXinerama to 1.1.1, libXmu to 1.1.0, libXpm to 3.5.9, libXrandr to 1.3.1, libXt to 1.0.9, libXtst to 1.2.0, libXv to 1.0.6, libXxf86dga to 1.1.2, libXxf86vm to 1.1.1, libdmx to 1.1.1, libfontenc to 1.1.0, libxkbfile to 1.0.7, imake to 1.0.4, makedepend to 1.0.3, xorg-macros to 1.11.0, bdftopcf to 1.0.3, beforelight to 1.0.4, bitmap to 1.0.5, editres to 1.0.5, fslsfonts to 1.0.3, fstobdf to 1.0.4, iceauth to 1.0.4, ico to 1.0.3, mkfontscale to 1.0.8, rgb to 1.0.4, showfont to 1.0.3, smproxy to 1.0.4, twm to 1.0.5, viewres to 1.0.3, xconsole to 1.0.4, appres to 1.0.3, xdpyinfo to 1.2.0, xedit to 1.2.0, xev to 1.1.0, xfd to 1.1.0, xfs to 1.1.1, xfsinfo to 1.0.3, xgc to 1.0.3, xhost to 1.0.4, xkbevd to 1.1.1, xkbutils to 1.0.3, xlogo to 1.0.3, xmag to 1.0.4, xman to 1.1.1, xmodmap to 1.0.5, xprop to 1.2.0, xrandr to 1.3.4, xsetroot to 1.1.0, xsm to 1.0.2, font-util to 1.2.0, encodings to 1.0.4 and all fonts packages to latest X.Org versions.

Make the return of rfork(2) consistent with getthrid(). Fixes an rthread breakage.

Make netstat(1) print socket structure internals when netstat -P pcbaddr is called with -v.

Make the installer create a matching group for the user upon user creation.

Fixed a few logic errors in mips64 comparison instruction emulation: make sure the less than relation is correctly computed, and check for both operands being signaled NaNs, instead of only the first NaN found, to decide whether to raise an invalid exception or not.

Fixed an off-by-one in a mandoc(1) assertion, crashing the renderer on ".Os \&".

Prevent various usb network devices from freeing network related resources if they were not allocated.

Big update to vmt(4), vmware tools functionality: initiate shutdown by signalling init with SIGUSR2 when requested by the host; initiate a reboot by signalling init with SIGINT when requested by the host; report the guest's hostname, first non-loopback IP address and uptime to the host; update the guest's timedelta sensor using the 64bit rpc.

In uvideo(4): added a structure that represents USB descriptor with variable sized member as in uaudio(4) and reenabled control support for devices where bControlSize is different from 2 in the processing unit descriptor.

In ikectl(8): added a -q (quiet) command line option that will be used by ike CA to set openssl batch mode, allow specifying the initial CA password on the command line, allow creating certificates for clientAuth or serverAuth only.

Set saner permissions on ikectl(8) CA directory export, so there is no need to change perms of /etc/iked when extracting.

Make ikectl(8) create an empty but valid CRL list when a new CA is created.

Added two new options to tmux(1): server option "exit-unattached", which makes the server exit when no clients are attached, even if sessions are present; session option "destroy-unattached", which destroys a session once no clients are attached to it. These are useful for preventing tmux remaining in the background where it is undesirable and when using tmux as a login shell to keep a limit on new sessions.

Make mandoc(1) report an ERROR if an explicit scope is still open at the end of an input file: it can still render the page by just closing the open scope, but it is likely that information will be missing or document structure mangled.

Modified tmux(1) server permissions on the socket when adding or removing +x to show attached sessions, rather than replacing them.

In mandoc(1), make no punctuation after .%* outside .Rs; in .Rs, mark full stops after .%* as end of a sentence.

Added to glob(3) a GLOB_KEEPSTAT option that retains a copy of the struct stat information that is looked up while matching globs.

Implemented if_freenameindex() in TCP/IP stack as a real function as required by POSIX.

Added stricter asserts to DIAGNOSTIC kernels to help catch mutex and rwlock issues: i386 and amd64 now count the number of active mutexes so that assertwaitok() can detect attempts to sleep while holding a mutex, i386 and amd64 check that we actually hold mutexes when passed to mtx_leave(), calls to rw_exit*() now call rw_assert_{rd,wr}lock() as appropriate.

Added usb_rem_wait_task() to usb(4), a wrapper for usb_rem_task() that waits for the task to complete if the task is already running.

Added two members to usb(4) struct usb_task: ``usbd_device_handle dev'', the device responsible for the task (use this to not run the task if the device's hub is dying) and ``int running'', a flag to be set when the task is running.

Implemented support for ldapd(8) bsdauth authentication via simple binds, not only SASL.

Added cache operations for the octeon platform.

Make smtpd(8) use the same buffer for local deliveries to files and commands.

Make snmpd(8) return an error on GET requests without an instance identifier, both for tables and scalar values. Fixes PR6468 by not calling table get functions with an unexpectedly short OID. Also fixes PR6071. Scalar variables without an instance specified now return a noSuchInstance error. GetNext requests correctly return the .0 instance but it must be specified explicitly: $ snmpget -v2c -c public localhost SNMPv2-MIB::sysDescr.0

Allow output of null values with a context class. This is used in SNMPv2 to return an error exception value for a varbind result ("noSuchObject[0] IMPLICIT NULL" in RFC1905).

Fixed a variety of structure packing and byte order bugs in ixgb(4) to try to get BE support working.

Many improvements in iked(8): allowed ESP proposals without integrity and AH proposals without encryption; added additional nonce length field, use that for the ciphers that require additional keying material; setup right flow direction depending on the mode: fixes up iked(8) working as an initiator against charon.

In tmux(1), added -n and -p flags to switch-client to move to the next and previous session.

Prevent tmux(1) from crashing if the screen size is too small for the indicator in copy mode.

Activated NTFS in i386 and amd64 GENERIC kernels.

In disk(9), introduced a disk_lookup() function which calls device_lookup(), before verifying that the resulting device is present on the disklist. This avoids a race whereby the disk driver can be accessed as soon as the softc has been allocated, but before the disk has completed initialization and has called disk_attach().

In ssh(1), added buffer_get_cstring() and related functions that verify that the string extracted from the buffer contains no embedded \0 characters. It prevents random (possibly malicious) crap from being appended to strings.
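
The check described for buffer_get_cstring(), as an added example that is not OpenSSH's code: the helper name, the reject-any-embedded-NUL policy and the sample byte strings are assumptions made here. It reads one SSH wire string (4-byte big-endian length followed by that many bytes) and refuses it if the declared length overruns the data or the payload hides bytes behind a '\0'.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not OpenSSH's buffer API. Returns a freshly allocated
 * NUL-terminated copy of the string field at buf, or NULL if the field is
 * truncated or contains an embedded '\0'. *used receives the bytes consumed. */
char *
get_cstring_checked(const unsigned char *buf, size_t buflen, size_t *used)
{
	uint32_t len;
	char *s;

	if (buflen < 4)
		return NULL;
	len = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
	    ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
	if (len > buflen - 4)		/* declared length exceeds the data */
		return NULL;
	/* With an embedded NUL, strlen(s) < len: code that validates the
	 * C string would never look at the bytes that follow it. */
	if (memchr(buf + 4, '\0', len) != NULL)
		return NULL;
	if ((s = malloc((size_t)len + 1)) == NULL)
		return NULL;
	memcpy(s, buf + 4, len);
	s[len] = '\0';
	if (used != NULL)
		*used = 4 + (size_t)len;
	return s;
}

/* Constructed sample inputs: valid, embedded NUL, truncated payload. */
static const unsigned char sample_ok[] = { 0, 0, 0, 4, 'r', 'o', 'o', 't' };
static const unsigned char sample_nul[] =
    { 0, 0, 0, 9, 'r', 'o', 'o', 't', 0, 'j', 'u', 'n', 'k' };
static const unsigned char sample_short[] = { 0, 0, 0, 9, 'r', 'o' };

int
main(void)
{
	char *s = get_cstring_checked(sample_ok, sizeof(sample_ok), NULL);
	char *n = get_cstring_checked(sample_nul, sizeof(sample_nul), NULL);
	char *t = get_cstring_checked(sample_short, sizeof(sample_short), NULL);

	printf("ok=%s nul=%s short=%s\n", s ? s : "(rejected)",
	    n ? "accepted" : "rejected", t ? "accepted" : "rejected");
	free(s); free(n); free(t);
	return 0;
}
```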

Make sure local arrays of chars are word-aligned on strict alignment architectures with gcc(1), as is done for global ones. Though not explicitly allowed by the C standard it has been historically handled correctly by most C compilers.

Fixed kernel compiling with disabled IPSEC and enabled GIF/MPLS.

Make 2nd resume work on arm and zaurus.

Correctly compute loongson memory size if less than 256MB.

Fixed an uninitialized value leading to bogus KASSERT in uvm_pmr_use_inc().

Started implementation of activate function in acpiasus(4) to replace powerhooks functions.

Fixed autoconfiguration for accelerated drivers on sparc/sparc64, currently limited to sunffb(4).

Provided a way to get < and > symbols on pckbc(4) pc101-key Slovenian layouts.

Make PCI Power Management optional, and only enable it when acpi(4) attaches.

Worked around a rare race condition that can happen if daily(8) zaps old files from /var/tmp while pkg_add(1) is installing or updating a package and hasn't yet moved or even read some of the files in /var/tmp/pkginfo.* (typically +DESCR).

Make the number of vnode(9)s correspond to the number of buffers in buffer cache.

Fixed a logic problem which could in theory cause pfctl(8) to recursively print anchors with wildcards when not requested via the command line but in practice only applied to automatically generated inline anchors (which don't have wildcards) or when recursion was requested.